CN112417407A - Data authorization processing method, device, equipment and storage medium - Google Patents


Publication number
CN112417407A
Authority
CN
China
Prior art keywords
authorization
data
user
request
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011447324.1A
Other languages
Chinese (zh)
Inventor
钟晓珍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/44 Program or device authentication


Abstract

The invention discloses a method, apparatus, device and storage medium for processing data authorization. In this scheme, a first device serving as a management node obtains the user's authorization and, at the same time, obtains permission to share that authorization with other devices. When the first device receives an authorization request from another device requesting permission to use the user's personal data, it obtains the authorization and the related authorization information according to the authorization request and the data authorization protocol signed by the user, and sends the authorization and the authorization information to the other device. This reduces the links that interact with the user's terminal device during development, reduces repeated authorization by the user for the same kind of scenario of the same data, reduces user operations, and improves the efficiency of obtaining the user's authorization.

Description

Data authorization processing method, device, equipment and storage medium
Technical Field
The present invention relates to the field of computers, and in particular, to a method, an apparatus, a device, and a storage medium for processing data authorization.
Background
With the development of computer technology, users install various types of application programs on intelligent terminal devices such as tablet computers and smartphones according to their different needs. Many application programs need the user's personal data while in use, and according to the fortieth clause of the network security law, collecting personal information requires the authorization and consent of the person whose information is collected, and the user's personal information must be collected, stored and used in accordance with laws, administrative regulations and the agreement with the user. That is to say, the use of a user's personal data requires the user's authorization.
Currently, according to the "personal information security regulations", authorization consent is divided into explicit consent and implicit consent; explicit consent includes an active click, actively checking a box, and the like. Before the user gives explicit consent, the user must be fully informed of the necessary information about the collection of personal information, including the purpose of use, the type and scope of the information, the user's rights, and so on. Different data processing scenarios, purposes, etc. also determine different ways of obtaining the user's authorization. Therefore, when an application program starts to be used, it can send a notice informing the user of the personal data required, the purpose, the information type and scope, the user's rights, and the like, and then wait for the user's authorization. When the user authorizes the use, the user is required to sign a corresponding data authorization protocol. Even for the same user data with the same purpose of use, information type and scope, user rights, etc., different data users each need to establish their own authorization medium or channel with the user to obtain explicit consent; for example, when different application programs are used, each application program needs to be authorized by the user separately.
However, the current approach not only adds a development link to the development of the application program, but also requires every data processing party or application party that needs the user's personal data to obtain the user's authorization, which adds a large number of repeated operations and makes obtaining user authorization inefficient overall.
Disclosure of Invention
The main purpose of the invention is to provide a data authorization processing method, apparatus, device and storage medium, so as to solve the problems in the prior art that the way of obtaining user authorization adds a development link, adds a large number of repeated operations for the user, and is inefficient.
In order to achieve the above object, the present invention provides a method for processing data authorization, which is applied to a first device, and the method includes:
receiving a first authorization request sent by a second device, wherein the first authorization request is used for requesting the authority of using personal data of a user;
acquiring authorization and authorization information according to the data authorization request; the authorization and the authorization information are obtained according to a data authorization protocol signed by the user and the permission content that the user has authorized the first device to share;
and sending the authorization and the authorization information to the second device.
In a specific embodiment, before receiving the first authorization request sent by the second device, the method further includes:
sending a second authorization request to the terminal equipment of the user, wherein the second authorization request is used for requesting the authority of using the personal data of the user;
receiving and storing the data authorization protocol signed by the user and returned by the terminal equipment;
sending a third authorization request to the terminal device, wherein the third authorization request is used for requesting the authority of providing the user personal data to other data users;
and receiving an authorization result returned by the terminal equipment, wherein the authorization result is used for indicating whether the user allows the authorization and the authorization information to be provided for other data users.
In a specific implementation manner, the first authorization request includes a right required by the second device, and the obtaining authorization and authorization information according to the data authorization request includes:
when the authority in the first authorization request is consistent with the authority in a data authorization protocol signed by the user, obtaining the authorization and the authorization information according to the data authorization protocol;
wherein the authorization information comprises at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
In a specific implementation manner, when the authority in the first authorization request is inconsistent with the authority in the data authorization protocol signed by the user, a fourth authorization request is sent to the terminal device of the user according to the authority in the first authorization request, and the fourth authorization request is used for requesting the authority in the first authorization request;
receiving a new data authorization protocol signed by the user and returned by the terminal equipment;
and obtaining the authorization and the authorization information according to the new data authorization protocol.
In a specific embodiment, before receiving the first authorization request sent by the second device, the method further includes:
receiving a connection establishment request sent by the second device, wherein the connection establishment request is used for accessing the first device;
and establishing connection with the second equipment according to a pre-configured connection establishment protocol and the connection establishment request, and returning a connection establishment response to the second equipment.
The invention also provides a data authorization processing method, which is applied to second equipment and comprises the following steps:
transmitting a first authorization request to a connected first device, the first authorization request requesting a right to use personal data of a user;
and receiving authorization and authorization information returned by the first device, wherein the authorization and the authorization information are obtained by the first device according to a data authorization protocol signed by the user and the permission content that the user has authorized the first device to share.
In a specific embodiment, the first authorization request includes a right required by the second device, where the right includes at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
In a specific embodiment, before sending the first authorization request to the connected first device, the method further includes:
sending a connection establishment request to the first equipment according to a pre-configured connection establishment protocol, wherein the connection establishment request is used for accessing the first equipment;
and receiving a connection establishment response returned by the first equipment.
The invention also provides a data authorization processing method, which is applied to terminal equipment and comprises the following steps:
receiving a second authorization request sent by the first device, wherein the second authorization request is used for requesting the authority of using the personal data;
signing a data authorization agreement in response to the operation of a user, and returning the signed data agreement to the first device;
receiving a third authorization request sent by the first device, wherein the third authorization request is used for requesting the authority of providing the personal data of the user to other data users;
and returning an authorization result to the first device in response to the operation of the user, wherein the authorization result is used for indicating whether the user allows the authorization and the authorization information to be provided to other data users.
The invention also provides a data authorization processing device, which comprises:
the receiving module is used for receiving a first authorization request sent by second equipment, wherein the first authorization request is used for requesting the authority of using personal data of a user;
the processing module is used for acquiring authorization and authorization information according to the data authorization request; the authorization and the authorization information are obtained according to a data authorization protocol signed by the user and the permission content that the user has authorized the data authorization processing device to share;
and the sending module is used for sending the authorization and the authorization information to the second equipment.
The invention also provides a data authorization processing device, which comprises:
a sending module, configured to send a first authorization request to a connected first device, where the first authorization request is used to request an authority to use personal data of a user;
and the receiving module is used for receiving authorization and authorization information returned by the first device, wherein the authorization and the authorization information are obtained by the first device according to a data authorization protocol signed by the user and the permission content that the user has authorized the first device to share.
The invention also provides a data authorization processing device, which comprises:
the receiving module is used for receiving a second authorization request sent by the first equipment, and the second authorization request is used for requesting the authority of using the personal data;
the processing module is used for signing a data authorization protocol in response to the operation of a user;
the sending module is used for returning the signed data protocol to the first equipment;
the receiving module is further configured to receive a third authorization request sent by the first device, where the third authorization request is used to request permission to provide authorization of the personal data of the user to other data users;
the sending module is further configured to return an authorization result to the first device in response to the operation of the user, where the authorization result is used to indicate whether the user allows the authorization and the authorization information to be provided to other data users.
The present invention also provides an electronic device, including:
a memory, a processor, and an interactive interface;
the memory stores a computer program executable on the processor, which computer program, when executed by the processor, implements the steps of the processing method of data authorization as described above on the first device side.
The present invention also provides an electronic device, including:
a memory, a processor, and an interactive interface;
the memory stores a computer program operable on the processor, which computer program, when executed by the processor, implements the steps of the aforementioned processing method for data authorization on the second device side.
The present invention also provides a terminal device, including:
a memory, a processor, and an interactive interface;
the memory stores a computer program operable on the processor, and the computer program, when executed by the processor, implements the steps of the aforementioned processing method for data authorization on the terminal device side.
The present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method for processing data authorization according to any of the preceding claims.
The invention also provides a computer program product comprising a computer program for execution by a processor of the steps of a processing method for data authorization according to any of the preceding claims.
In the invention, in order to avoid multiple authorizations of the same data, the first device serving as a management node obtains the user's authorization and, at the same time, obtains permission to share that authorization with other devices. After receiving an authorization request sent by another device requesting permission to use the user's personal data, the first device obtains the authorization and the related authorization information according to the authorization request and the data authorization protocol signed by the user, and sends the authorization and the authorization information to the other device. This reduces the links that interact with the user's terminal device during development, reduces repeated authorization by the user for the same kind of scenario of the same data, reduces user operations, and improves the efficiency of obtaining the user's authorization.
Drawings
FIG. 1 is a diagram illustrating a conventional data user obtaining personal data authorization of a user;
FIG. 2 is a schematic diagram of a data consumer obtaining personal data authorization of a user according to the present invention;
FIG. 3 is a diagram of an application scenario of a processing method for data authorization provided by the present invention;
FIG. 4 is a flowchart illustrating a first embodiment of a data authorization processing method according to the present invention;
FIG. 5 is a flowchart illustrating a second embodiment of a data authorization processing method provided by the present invention;
FIG. 6 is a flowchart illustrating a third embodiment of a data authorization processing method provided in the present invention;
FIG. 7 is a flowchart illustrating a fourth embodiment of a data authorization processing method provided in the present invention;
FIG. 8 is a schematic structural diagram of a first embodiment of a data authorization processing apparatus according to the present invention;
FIG. 9 is a schematic structural diagram of a second embodiment of a data authorization processing apparatus according to the present invention;
FIG. 10 is a schematic structural diagram of a third embodiment of a data authorization processing device provided in the present invention;
FIG. 11 is a schematic structural diagram of a first electronic device according to an embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a second electronic device according to an embodiment of the present invention;
FIG. 13 is a schematic structural diagram of a first terminal device according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Currently, the "network security law" and the "personal information security regulations" have detailed regulations on the security of personal data of users. For the use of personal data of a user, before obtaining the user's explicit consent, the user needs to be fully informed of necessary information for collecting and using personal data (also referred to as personal information), including the purpose of use, the type and scope of information, and the user's right. Moreover, differences in data processing scenarios, purposes, etc. determine different ways to obtain user authorization consent. For the behaviors of data transmission, sharing and the like, the behaviors can be carried out only after data desensitization (specific individuals cannot be identified and cannot be recovered after processing); otherwise, the data collector or data operator must not provide personal information to others without the user's consent.
Fig. 1 is a schematic diagram of a conventional data user obtaining personal data authorization of a user. When the data in some scenarios is desensitized and personal data involving the same data scenario, purpose of use, information type and scope, user rights and the like is to be authorized for use, the user is required to sign a corresponding data authorization protocol. Therefore, as shown in fig. 1, even for the same data and the same scope of use, authorization must be given again: each data user, that is, each subject that may use the data (the data collector, the data processor and the data application party may not be the same entity), needs to establish a corresponding authorization medium or channel with the user for explicit authorization, and if an application (APP) is used, the user needs to re-authorize.
This current solution causes at least the following two problems:
1) the user experience is disturbed, a large number of repeated operations are increased, and the efficiency of obtaining the user authorization is low;
2) development or business links of applications on the data user side are increased, resulting in an increase in development cost.
To address the above problems, the invention provides a processing method for data authorization. The design idea of the scheme is as follows: to avoid the user-experience problem caused by authorizing the same data multiple times, when a user logs in to or uses any service platform for a data collection operation, the user's personal authorization agreement is stored at the data collector. The user authorizes the data collector by means of a protocol or contract, and the granted permissions can be shared with other data users when certain conditions are met. The other data users can then directly use the authorization protocol that the user signed with the data collector and process or apply the data accordingly, so that multiple data users no longer each need to interact with the user for authorization.
Fig. 2 is a schematic diagram of a data user obtaining personal data authorization of a user according to the present invention, and as shown in fig. 2, in the implementation of the present solution, a data collector, a data processor, a data application side, and other data users need to design a consensus mechanism for interactive obtaining of data authorization. The scheme shown in fig. 2 is that a data collector is used as a management node, and the data collector interacts with a user to obtain personal data authorization of the user and obtain the authority to share the authorization. And other data users interact with the data collector to acquire the required user authorization and authorization information.
Fig. 3 is an application scenario diagram of the processing method for data authorization provided by the present invention, and as shown in fig. 3, in the implementation of the processing scheme for data authorization provided by the present invention, at least three parties, namely a first device serving as a management node, a terminal device of a user, and a second device of another data user, are involved.
To implement the scheme, a consensus mechanism needs to be designed in advance for the second device of the data user and the first device, and a second device that needs to use user data must access the first device under the same consensus mechanism. The first device interacts with the user side to obtain the data authorization protocol signed by the user and, at the same time, must obtain the user's permission to share the authorization with other devices. The first device serves as the management node of the whole link and performs security management functions such as managing, authenticating, authorizing, monitoring and auditing the second devices that join.
Optionally, the scheme may be implemented as an alliance chain composed of a management node and multiple data users that join the chain. The management node is a preselected node used for sharing the user's authorization; when another data user needs to obtain the user's authorization, it first needs to join the alliance chain based on the consensus mechanism, that is, to join the management node, before the subsequent process can be performed. Specifically, the alliance chain generates a certificate for the authorization protocol through digital DNA generated by the algorithm, the user's signature allows it to be put on the chain, and the member organizations in the alliance chain can obtain the certificate for the user's authorization protocol through the digital DNA algorithm. All entities using the corresponding data need to join the alliance chain and use the user authorization protocol through it.
In summary, no matter the implementation is realized by adopting the protocol between the devices or the manner of the alliance chain, the overall process of the scheme mainly involves three execution bodies, namely, a first device serving as a management node, at least one second device serving as a data user, and a terminal device of a user.
Optionally, the processing method of data authorization may also be applied to a block chain, where one node in the block chain is configured as a management node, and other nodes serving as data users acquire a required authorization protocol by accessing the management node, and the management node assumes a function of interacting with a terminal device of a user.
Based on the foregoing idea and application scenario, the following describes a processing method for data authorization by using several specific embodiments.
Fig. 4 is a schematic flow chart of a first embodiment of a processing method for data authorization provided by the present invention, as shown in fig. 4, the processing method for data authorization includes the following steps:
S101: Receiving a first authorization request sent by the second device, wherein the first authorization request is used for requesting the authority of using the personal data of the user.
In this step, when the second device as the data user needs to acquire the right to use the personal data of the user, the second device may send a first authorization request to the connected first device, where the first authorization request is used to request the right to use the personal data of the user. The data using party may be a data collecting party, a data processing party, a data applying party, and the like, and the scheme is not limited.
In this embodiment, the first device is a management node. It may be a device specifically configured to provide user authorization to other data users, or it may be the device of any one of the data users that implements a predetermined management function.
S102: Acquiring authorization and authorization information according to the data authorization request; the authorization and the authorization information are obtained according to a data authorization protocol signed by the user and the permission content that the user has authorized the first device to share.
In this step, the first device serving as the management node needs to have acquired the user's authorization; that is, the first device interacts with the user and acquires the data authorization protocol signed by the user, which specifies the data scenario, purpose of use, information type and scope, authorization scope, user rights and the like. While acquiring the permission to use the user's personal data, the first device also needs to acquire from the user the authorization to share that permission with other data users. After obtaining the user's authorization, the first device receives the first authorization request sent by another device and determines the authorization and authorization information to be provided to the second device according to the permissions granted in the data authorization protocol signed by the user and the permissions requested in the first authorization request.
In a specific implementation, if the data authorization protocol signed by the user includes the permissions requested by the second device, the authorization and authorization information required by the second device can be obtained directly from the data authorization protocol; the authorization information includes at least one of a data scenario, a purpose of use, an information type and scope, an authorization scope, and user rights.
S103: the authorization and the authorization information are sent to the second device.
In this step, the first device sends the obtained authorization and authorization information to the second device. The second device receives the authorization and authorization information returned by the first device, which the first device obtained according to the data authorization protocol signed by the user and the permission content that the user has authorized the first device to share.
After receiving the required authorization and authorization information, the second device acquires the user's personal data according to the obtained authorization and uses the data according to the authorization information.
In the processing method for data authorization described above, a first device serving as a management node obtains the user's authorization and, at the same time, obtains permission to share that authorization with other devices. After receiving an authorization request sent by another device requesting permission to use the user's personal data, the first device obtains the authorization and the related authorization information according to the authorization request and the data authorization protocol signed by the user, and sends the authorization and the authorization information to the other device. This reduces the links that interact with the user's terminal device during development, reduces repeated authorization by the user for similar scenarios of the same type of data, reduces user operations, and improves the efficiency of obtaining the user's authorization.
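The first-device decision in S101 to S103, together with the mismatch case that leads to a fourth authorization request, is sketched below as an added example; it is not code from the patent. All class and field names, the deny-by-default handling of unconnected devices and missing sharing permission, and the reading of "consistent" as "requested information types are a subset of the signed ones" are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    GRANTED = "granted"        # S103: authorization and authorization info are returned
    NEEDS_USER = "needs_user"  # the user must sign a (new) agreement first
    DENIED = "denied"          # unknown requester, or sharing was not permitted


@dataclass(frozen=True)
class Rights:
    """Fields the page lists as authorization information (names assumed)."""
    data_scenario: str
    purpose_of_use: str
    info_types: frozenset
    authorization_scope: str

    def covers(self, requested):
        # Assumed meaning of "consistent": scenario, purpose and scope match
        # exactly, and the request asks for no information type beyond
        # what the user signed.
        return (self.data_scenario == requested.data_scenario
                and self.purpose_of_use == requested.purpose_of_use
                and self.authorization_scope == requested.authorization_scope
                and requested.info_types <= self.info_types)


@dataclass
class Agreement:
    user_id: str
    rights: Rights
    user_rights: tuple
    sharing_allowed: bool = False  # result of the third authorization request


class ManagementNode:
    """First device: stores signed agreements and answers second devices."""

    def __init__(self):
        self.agreements = {}  # user_id -> Agreement
        self.members = set()  # devices that completed connection establishment
        self.audit = []       # (device_id, user_id, decision) records

    def connect(self, device_id):
        self.members.add(device_id)

    def store_agreement(self, agreement):
        self.agreements[agreement.user_id] = agreement

    def record_sharing_result(self, user_id, allowed):
        self.agreements[user_id].sharing_allowed = allowed

    def handle_first_request(self, device_id, user_id, requested):
        decision, info = self._decide(device_id, user_id, requested)
        self.audit.append((device_id, user_id, decision.value))
        return decision, info

    def _decide(self, device_id, user_id, requested):
        if device_id not in self.members:
            return Decision.DENIED, None
        agreement = self.agreements.get(user_id)
        if agreement is None:
            return Decision.NEEDS_USER, None  # nothing signed yet
        if not agreement.sharing_allowed:
            return Decision.DENIED, None      # user did not allow sharing
        if not agreement.rights.covers(requested):
            return Decision.NEEDS_USER, None  # fourth authorization request
        info = {
            "data_scenario": requested.data_scenario,
            "purpose_of_use": requested.purpose_of_use,
            "info_types": sorted(requested.info_types),  # only what was asked for
            "authorization_scope": requested.authorization_scope,
            "user_rights": list(agreement.user_rights),
        }
        return Decision.GRANTED, info


def demo():
    """Constructed sample data; returns the decisions and the audit trail."""
    node = ManagementNode()
    signed = Rights("loan application", "credit assessment",
                    frozenset({"name", "id_number", "income"}), "chain members")
    node.store_agreement(Agreement("user-1", signed, ("withdraw consent",)))
    node.connect("processor-1")
    narrow = Rights("loan application", "credit assessment",
                    frozenset({"name", "income"}), "chain members")
    broad = Rights("loan application", "credit assessment",
                   frozenset({"name", "location"}), "chain members")
    results = [node.handle_first_request("processor-1", "user-1", narrow)[0]]
    node.record_sharing_result("user-1", True)
    results.append(node.handle_first_request("processor-1", "user-1", narrow)[0])
    results.append(node.handle_first_request("processor-1", "user-1", broad)[0])
    results.append(node.handle_first_request("unknown-app", "user-1", narrow)[0])
    return results, node.audit


if __name__ == "__main__":
    print(demo())
```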
Fig. 5 is a schematic flow chart of a second embodiment of the processing method for data authorization provided by the present invention. As shown in fig. 5, in combination with the foregoing embodiments, at least two processes are involved for the first device in the technical solution of the present invention: one is the process in which the first device interacts with the user's terminal device to acquire the authority; the other is the process in which the first device interacts with other devices to share the authority. In the embodiment, a process of sharing the right between the first device and the other device is mainly described.
On the basis of the foregoing embodiment, before the first device receives the first authorization request sent by the second device, as shown in fig. 5, the processing method of data authorization further includes the following steps:
S201: Send a second authorization request to the terminal device of the user, where the second authorization request is used to request the right to use the personal data of the user.
In this step, the first device serves as a management node. When the first device needs to acquire the right to use the personal data of the user, or needs to share rights with other devices but has not yet acquired the right to the personal data of the user, it sends a second authorization request to the terminal device of the user, so that it can interact with the user and obtain the user's authorization.
In this process, the second authorization request needs to carry at least the data authorization protocol provided to the user, so that the user can learn the necessary information about the collection of personal data, including the purpose of use, the type and scope of information, the user rights and the like.
S202: Sign the data authorization agreement in response to an operation of the user.
S203: Return the signed data authorization protocol to the first device.
In these two steps, after receiving the second authorization request, the terminal device of the user displays the received data authorization protocol, prompts the user to read its content and to confirm the range of personal data to be used, the personal information, the purpose, the rights, the scenario and other information, and prompts the user to sign the protocol.
After confirming that the data authorization protocol is to be signed, the user performs the authorization operation on the interface of the terminal device to complete the signing, and the terminal device, in response to the operation of the user, sends the signed data authorization protocol to the first device. The first device receives and stores the data authorization protocol signed by the user and returned by the terminal device.
S204: Send a third authorization request to the terminal device, where the third authorization request is used to request the right to provide the personal data of the user to other data users.
In this step, unlike the prior art, after obtaining the data authorization agreement signed by the user, the first device additionally needs to acquire the right to provide the authorization for the user's personal data to other data users. That is, so that the user's experience is not affected by a plurality of data users each requiring a data authorization agreement to be signed, the first device sends a further, third authorization request to the terminal device of the user, where the third authorization request mainly requests the right to share the authorization for the personal data of the user.
The terminal device receives the third authorization request sent by the first device, may display the specific information about the sharing of rights on its interface, and reminds the user to authorize.
S205: Return an authorization result to the first device in response to an operation of the user, where the authorization result is used to indicate whether the user allows the authorization and the authorization information to be provided to other data users.
In this step, when the user decides to allow the first device to share the authorization with other devices, the user may perform the authorization operation on the terminal device, and the terminal device returns an authorization result to the first device in response to the operation of the user, where the authorization result is used to indicate whether the user allows the authorization and the authorization information to be provided to other data users.
In this embodiment, it should be understood that if the authorization result indicates that the user allows the first device to provide the authorization and the authorization information to other data users, the first device can execute the technical solution of the foregoing embodiment. If the authorization result indicates that the first device is not allowed to provide the authorization and the authorization information to other data users, the first device does not share the right with other data users without the user's authorization, so as to protect the privacy of the user.
In the processing method for data authorization provided by this embodiment, the first device, as a management node, interacts with the terminal device of the user and obtains the right to use the personal data under the data authorization protocol and, at the same time, the right to provide the authorization for the personal data of the user to other data users. When other data users need the right to use the personal data of the user, the first device can share the rights it has obtained. This avoids interaction between each data user and the user's device, reduces development links, avoids disturbing the user, improves the user experience, and improves the efficiency of obtaining the rights.
Fig. 6 is a schematic flow diagram of a third embodiment of the processing method for data authorization provided by the present invention, as shown in fig. 6, on the basis of any of the above embodiments, the manner of obtaining authorization and authorization information according to the data authorization request in step S102 may be specifically implemented as the following two cases:
In the first case, when the authority of the first authorization request is consistent with the authority in the data authorization protocol signed by the user, the authorization and the authorization information are obtained according to the data authorization protocol; wherein the authorization information comprises at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
That is, if the authority requested by the first authorization request is included in the authority authorized in the data authorization agreement signed by the user, the first device may directly obtain the authorization and authorization information shared with the second device according to the data authorization agreement signed by the user.
In the second case, when the authority of the first authorization request is not consistent with the authority in the data authorization protocol signed by the user, the first device may interact with the terminal device of the user again to obtain the authority required by the second device.
As shown in fig. 6, the specific implementation steps are as follows:
S1021: When the authority in the first authorization request is inconsistent with the authority in the data authorization protocol signed by the user, send a fourth authorization request to the terminal device of the user according to the authority in the first authorization request, where the fourth authorization request is used to request the authority in the first authorization request.
In this step, when it is determined that the data authorization protocol signed by the user does not contain the authority requested by the second device, the first device, acting as the management device, may send a fourth authorization request to the user to request the authority that the second device needs and that the user has not yet authorized. In a manner similar to the foregoing scheme, a new data authorization protocol is sent to the terminal device of the user so that the user can obtain the related information.
The new data authorization protocol may contain only the part requested by the second device that is not included in the original protocol, or may contain both the content of the original protocol and the new rights requested by the second device, which is not limited in this embodiment.
S1022: Receive the new data authorization protocol signed by the user and returned by the terminal device.
In this step, similar to the foregoing scheme, after the terminal device receives the fourth authorization request, the user decides whether to authorize based on the content of the data authorization protocol. After the user signs the new data authorization protocol, the terminal device returns the new data authorization protocol to the first device.
S1023: Obtain the authorization and the authorization information according to the new data authorization protocol.
The first device may obtain the authorization and the authorization information to be shared with the second device according to the data authorization agreement newly signed by the user.
In this scenario, it should also be understood that when the first device obtains more rights from the user, and the user has authorized the first device to share all the rights granted to it, the first device may directly send the obtained authorization and authorization information to the second device. If the user has only authorized sharing of the rights in the previously signed data authorization protocol, then after acquiring the new data authorization protocol the first device needs to send an authorization request to the user again, to acquire the right to provide the authorization and the authorization information of the new data authorization protocol to other data users.
According to the processing method for data authorization, when data or authority required by other data users is increased or changed, the first device serving as the management node can interact with the terminal device of the user, a data channel is quickly established to obtain new authority, and the problem that the data channel is repeatedly established between the data users is solved.
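The decision the first device makes in the two cases above, together with the sharing result from step S205 and the point that a newly signed protocol may need its own sharing consent, can be sketched as follows. This is an added Python example, not code from the patent; the class and field names, the sample agreements, and the rule that a request must be covered by one single signed agreement (same scenario and purpose, information types a subset) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    GRANT = "send authorization and authorization information"
    NEED_NEW_AGREEMENT = "send fourth authorization request (S1021)"
    NEED_SHARING_CONSENT = "send third authorization request (S204)"
    DENY = "user refused sharing, nothing is sent"


@dataclass(frozen=True)
class Permission:
    # Assumed subset of the authorization information listed in the text.
    scenario: str
    purpose: str
    info_types: frozenset

    def covers(self, other):
        # Scenario and purpose must match exactly; data types must be a subset.
        return (self.scenario == other.scenario
                and self.purpose == other.purpose
                and other.info_types <= self.info_types)


@dataclass(frozen=True)
class Agreement:
    agreement_id: str
    user_id: str
    granted: Permission
    signed: bool


@dataclass
class ManagementNode:
    agreements: dict = field(default_factory=dict)  # agreement_id -> Agreement
    sharing: dict = field(default_factory=dict)     # agreement_id -> S205 result
    share_all: set = field(default_factory=set)     # users who allowed sharing of all rights

    def store_agreement(self, agreement):
        if not agreement.signed:
            raise ValueError("only a signed agreement may be stored")
        self.agreements[agreement.agreement_id] = agreement

    def record_sharing_result(self, user_id, agreement_id, allowed, all_rights=False):
        agreement = self.agreements.get(agreement_id)
        if agreement is None or agreement.user_id != user_id:
            raise ValueError("sharing result does not match a stored agreement")
        self.sharing[agreement_id] = allowed
        if allowed and all_rights:
            self.share_all.add(user_id)

    def handle_first_request(self, user_id, requested):
        # Coverage is checked per agreement, never against the union of all
        # agreements: mixing the purpose of one with the data types of another
        # would produce a permission the user never signed.
        covering = [a for a in self.agreements.values()
                    if a.user_id == user_id and a.granted.covers(requested)]
        if not covering:
            return Decision.NEED_NEW_AGREEMENT, None
        undecided = False
        for a in covering:
            verdict = self.sharing.get(a.agreement_id)
            if verdict is None and user_id in self.share_all:
                verdict = True  # blanket consent, unless explicitly refused
            if verdict:
                # Hand out only what was requested, not the whole agreement.
                return Decision.GRANT, {"agreement_id": a.agreement_id,
                                        "permission": requested}
            undecided = undecided or verdict is None
        return (Decision.NEED_SHARING_CONSENT if undecided else Decision.DENY), None


def perm(scenario, purpose, *types):
    return Permission(scenario, purpose, frozenset(types))


def run_demo():
    # Constructed sample data: one user, one signed and shareable agreement.
    node = ManagementNode()
    node.store_agreement(Agreement(
        "A1", "u1",
        perm("loan_application", "credit_scoring", "name", "id_number", "phone"), True))
    node.record_sharing_result("u1", "A1", allowed=True)
    narrow = perm("loan_application", "credit_scoring", "name", "phone")
    wider = perm("loan_application", "credit_scoring", "name", "location")
    out = [node.handle_first_request("u1", narrow)[0]]     # first case
    out.append(node.handle_first_request("u1", wider)[0])  # second case
    node.store_agreement(Agreement("A2", "u1", wider, True))  # user signs new protocol
    out.append(node.handle_first_request("u1", wider)[0])  # sharing of A2 not yet asked
    node.record_sharing_result("u1", "A2", allowed=False)
    out.append(node.handle_first_request("u1", wider)[0])  # user refused sharing
    return out


if __name__ == "__main__":
    for decision in run_demo():
        print(decision.name)
```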
Fig. 7 is a flowchart illustrating a fourth embodiment of a processing method for data authorization provided by the present invention, as shown in fig. 7, on the basis of any of the foregoing embodiments, before receiving a first authorization request sent by a second device, the processing method for data authorization further includes the following steps:
S301: Receive a connection establishment request sent by the second device, where the connection establishment request is used to access the first device.
In this scheme, the first device interacts with the devices of other data users, that is, the second devices, so a connection between the first device and the plurality of second devices needs to be established before the scheme is implemented.
In a specific implementation, the second device is designed with an interface for interacting with the first device. When authorization to acquire the personal data of a user is required, or at an initial time, the second device may send a connection establishment request to the first device according to a pre-configured connection establishment protocol, where the connection establishment request is used to access the first device.
S302: Establish a connection with the second device according to the pre-configured connection establishment protocol and the connection establishment request, and return a connection establishment response to the second device.
In this step, after receiving the connection establishment request of the second device, the first device establishes a connection with the second device based on a pre-set consensus mechanism, that is, a connection establishment protocol, and returns a connection establishment response to the second device.
Based on the technical solutions of the foregoing embodiments, it should be understood that the processing method for data authorization provided by the present invention is mainly based on data sharing. A data federation may be formed, which data collectors, data users and data applications may all join, and the consensus process of the federation is controlled by a pre-selected management node, that is, the first device in the foregoing embodiments. The management node is typically an initial node and may be, for example, a management node of a data collector for the data authorization protocol. According to its own service scenario and application, the data collector obtains, through user authorization, the personal information related to the user and the corresponding use right, as well as the user's authorized consent to share the personal information with other data users.
The data collector stores the authorization information. If an alliance chain is established, the authorization information can be put on the chain; its content includes the data scenario, use purpose, information type and scope, authorization scope, user rights and the like, and a corresponding token is generated.
Other data processing and data application parties need to join the alliance chain, acquire the token through the alliance chain management node, and acquire the user authorization and the corresponding authorization information according to the specified scene, information type and range.
Alternatively to this, the first and second parts may,
In summary, the processing method for data authorization provided by the present invention establishes a consensus mechanism among the data users in the federation, so that more data users or organizations can use the data under the same mechanism. When the right to the personal data of the user is obtained, the number of times the user has to repeat authorization for the same scenario and the same data content is reduced. When data or protocols are added, a data user can quickly access the management node, which reduces the repeated construction of data paths. If the content authorized by the user changes, the information can be updated in the unified management node.
Fig. 8 is a schematic structural diagram of a first embodiment of a data authorization processing device provided in the present invention, and as shown in fig. 8, the data authorization processing device 10 includes:
a receiving module 11, configured to receive a first authorization request sent by a second device, where the first authorization request is used to request an authority to use personal data of a user;
the processing module 12 is configured to obtain authorization and authorization information according to the data authorization request; the authorization and the authorization information are obtained according to a data authorization protocol signed by the user and the authority content that the user has authorized the data authorization processing device to share;
a sending module 13, configured to send the authorization and the authorization information to the second device.
On the basis of the above embodiment, the sending module 13 is further configured to send a second authorization request to the terminal device of the user, where the second authorization request is used to request the right to use the personal data of the user;
the receiving module 11 is further configured to receive and store a data authorization protocol signed by the user and returned by the terminal device;
the sending module 13 is further configured to send a third authorization request to the terminal device, where the third authorization request is used to request that authorization authority of the user personal data is provided to other data users;
the receiving module 11 is further configured to receive an authorization result returned by the terminal device, where the authorization result is used to indicate whether the user allows providing the authorization and the authorization information to other data users.
Optionally, the first authorization request includes a right required by the second device, and the processing module 12 is specifically configured to:
when the authority in the first authorization request is consistent with the authority in a data authorization protocol signed by the user, obtaining the authorization and the authorization information according to the data authorization protocol;
wherein the authorization information comprises at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
Optionally, on the basis of the foregoing embodiment, the sending module 13 is further configured to send a fourth authorization request to the terminal device of the user according to the authority in the first authorization request when the authority in the first authorization request is not consistent with the authority in the data authorization protocol signed by the user, where the fourth authorization request is used to request the authority in the first authorization request;
the receiving module 11 is further configured to receive a new data authorization protocol signed by the user and returned by the terminal device;
the processing module 12 is specifically configured to obtain the authorization and the authorization information according to the new data authorization protocol.
On the basis of any of the foregoing embodiments, the receiving module 11 is further configured to receive a connection establishment request sent by the second device, where the connection establishment request is used to access the first device;
the processing module 12 is further configured to establish a connection with the second device according to a preconfigured connection establishment protocol and the connection establishment request, and return a connection establishment response to the second device through the sending module 13.
The processing apparatus 10 for data authorization provided in any of the foregoing embodiments is configured to execute the technical solution on the first device side serving as the management node in any of the foregoing embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 9 is a schematic structural diagram of a second embodiment of the processing device for data authorization provided by the present invention, and as shown in fig. 9, the processing device 20 for data authorization includes:
a sending module 21, configured to send a first authorization request to a connected first device, where the first authorization request is used to request an authority to use personal data of a user;
a receiving module 22, configured to receive authorization and authorization information returned by the first device, where the authorization and the authorization information are obtained by the first device according to a data authorization protocol signed by the user and the right content that the user has authorized the first device to share.
Optionally, the first authorization request includes a right required by the second device, where the right includes at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
On the basis of any of the foregoing embodiments, the sending module 22 is further configured to send a connection establishment request to the first device according to a pre-configured connection establishment protocol, where the connection establishment request is used to access the first device;
the receiving module 21 is further configured to receive a connection establishment response returned by the first device.
The processing apparatus 20 for data authorization provided in the foregoing embodiment is configured to execute the technical solution on the second device side as the data consumer in any of the foregoing method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 10 is a schematic structural diagram of a third embodiment of a data authorization processing device provided in the present invention, and as shown in fig. 10, the data authorization processing device 30 includes:
a receiving module 31, configured to receive a second authorization request sent by the first device, where the second authorization request is used to request a right to use personal data;
a processing module 32 for signing a data authorization agreement in response to a user's operation;
a sending module 33, configured to return the signed data protocol to the first device;
the receiving module 31 is further configured to receive a third authorization request sent by the first device, where the third authorization request is used to request permission to provide authorization of the personal data of the user to other data users;
the sending module 33 is further configured to send an authorization result to the first device in response to an operation of the user, where the authorization result is used to indicate whether the user allows providing the authorization and the authorization information to other data users.
The processing apparatus 30 for data authorization provided in the foregoing embodiment is configured to execute the technical solution on the terminal device side of the user in any of the foregoing method embodiments; the implementation principle and the technical effect are similar and are not described herein again.
Fig. 11 is a schematic structural diagram of a first embodiment of an electronic device provided in the present invention, and as shown in fig. 11, the electronic device 40 includes: a memory 41, a processor 42 and an interaction interface 43,
stored on the memory 41 is a computer program that can be run on the processor 42 and that, when executed by the processor 42, carries out the method steps of the first device side of any of the preceding method embodiments.
The interactive interface 43 of the electronic device 40 is used for communication and data interaction with other devices. In a specific implementation, the interactive interface 43 may include a network interface, which is not limited in this solution.
The above-described components of the electronic device 40 may be connected to each other by a bus 44.
The memory 41 may be a separate memory unit or a memory unit integrated into the processor 42. The number of processors 42 is one or more.
Fig. 12 is a schematic structural diagram of a second embodiment of an electronic device provided in the present invention, and as shown in fig. 12, the electronic device 50 includes: a memory 51, a processor 52 and an interactive interface 53,
stored on the memory 51 is a computer program that can be run on the processor 52 and that, when executed by the processor 52, carries out the method steps of the second device side of any of the preceding method embodiments.
The interactive interface 53 of the electronic device 50 is used for communication and data interaction with other devices. In a specific implementation, the interactive interface 53 may include a network interface, which is not limited in this embodiment.
The above-described components of the electronic device 50 may be connected to each other via a bus 54.
The memory 51 may be a separate memory unit or a memory unit integrated into the processor 52. The number of processors 52 is one or more.
Fig. 13 is a schematic structural diagram of a first embodiment of a terminal device provided in the present invention, and as shown in fig. 13, the terminal device 60 includes: a memory 61, a processor 62 and an interaction interface 63,
stored on the memory 61 is a computer program that can be run on the processor 62 and that, when executed by the processor 62, carries out the method steps on the terminal device side in any of the preceding method embodiments.
The interactive interface 63 of the terminal device 60 is used for communication and data interaction with other devices. In a specific implementation, the interactive interface 63 may include a network interface, which is not limited in this embodiment.
The above-described components of the terminal device 60 may be connected to each other via a bus 64.
The memory 61 may be a separate memory unit or a memory unit integrated into the processor 62. The number of processors 62 is one or more.
In the above implementations of the electronic device or the terminal device, the memory and the processor are directly or indirectly electrically connected to each other to realize data transmission or interaction, that is, the memory and the processor may be connected through an interface or may be integrated together. For example, the components may be electrically connected to each other via one or more communication buses or signal lines, such as a bus. The memory may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory is used for storing programs, and the processor executes the programs after receiving the execution instructions. Further, the software programs and modules within the aforementioned memories may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components.
The processor may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor, and includes a Central Processing Unit (CPU), an image processor, and the like, and may implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of the present application.
The present invention further provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method for processing data authorization as provided in any of the method embodiments described above.
The invention also provides a computer program product comprising a computer program for execution by a processor of the steps of a processing method for data authorization in any of the preceding method embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling an electronic device (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (16)

1. A method for processing data authorization, which is applied to a first device, the method includes:
receiving a first authorization request sent by a second device, wherein the first authorization request is used for requesting the authority of using personal data of a user;
acquiring authorization and authorization information according to the data authorization request; the authorization and the authorization information are obtained according to a data authorization protocol signed by the user and the authority content that the user has authorized the first device to share;
and sending the authorization and the authorization information to the second device.
2. The method of claim 1, wherein prior to receiving the first authorization request sent by the second device, the method further comprises:
sending a second authorization request to the terminal equipment of the user, wherein the second authorization request is used for requesting the authority of using the personal data of the user;
receiving and storing the data authorization protocol signed by the user and returned by the terminal equipment;
sending a third authorization request to the terminal device, wherein the third authorization request is used for requesting the authority of providing the user personal data to other data users;
and receiving an authorization result returned by the terminal equipment, wherein the authorization result is used for indicating whether the user allows the authorization and the authorization information to be provided for other data users.
3. The method according to claim 1 or 2, wherein the first authorization request includes a right required by the second device, and the obtaining authorization and authorization information according to the data authorization request includes:
when the authority in the first authorization request is consistent with the authority in a data authorization protocol signed by the user, obtaining the authorization and the authorization information according to the data authorization protocol;
wherein the authorization information comprises at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
4. The method of claim 3, further comprising:
when the authority in the first authorization request is inconsistent with the authority in a data authorization protocol signed by the user, sending a fourth authorization request to the terminal equipment of the user according to the authority in the first authorization request, wherein the fourth authorization request is used for requesting the authority in the first authorization request;
receiving a new data authorization protocol signed by the user and returned by the terminal equipment;
and obtaining the authorization and the authorization information according to the new data authorization protocol.
5. The method according to claim 1 or 2, wherein before receiving the first authorization request sent by the second device, the method further comprises:
receiving a connection establishment request sent by the second device, wherein the connection establishment request is used for accessing the first device;
and establishing connection with the second equipment according to a pre-configured connection establishment protocol and the connection establishment request, and returning a connection establishment response to the second equipment.
6. A method for processing data authorization, which is applied to a second device, the method includes:
transmitting a first authorization request to a connected first device, the first authorization request requesting a right to use personal data of a user;
and receiving authorization and authorization information returned by the first equipment, wherein the authorization and the authorization information are obtained by the first equipment according to a data authorization protocol signed by the user and the authority content shared by the first equipment authorized by the user.
7. The method of claim 6, wherein the first authorization request includes a right required by the second device, wherein the right includes at least one of: data scenario, purpose of use, type and scope of information, scope of authorization, user rights.
8. The method according to claim 6 or 7, wherein before sending the first authorization request to the connected first device, the method further comprises:
sending a connection establishment request to the first equipment according to a pre-configured connection establishment protocol, wherein the connection establishment request is used for accessing the first equipment;
and receiving a connection establishment response returned by the first equipment.
9. A data authorization processing method, applied to a terminal device, the method comprising:
receiving a second authorization request sent by the first device, wherein the second authorization request is used for requesting the authority of using the personal data;
signing a data authorization agreement in response to the operation of a user, and returning the signed data agreement to the first device;
receiving a third authorization request sent by the first device, wherein the third authorization request is used for requesting the authority of providing the personal data of the user to other data users;
and returning an authorization result to the first device in response to the operation of the user, wherein the authorization result is used for indicating whether the user allows the authorization and the authorization information to be provided to other data users.
10. A device for processing data authorization, comprising:
the receiving module is used for receiving a first authorization request sent by second equipment, wherein the first authorization request is used for requesting the authority of using personal data of a user;
the processing module is used for acquiring authorization and authorization information according to the data authorization request; the authorization and the authorization information are obtained according to a data authorization protocol signed by the user and the authority content that the user authorizes the data authorization processing device to share;
and the sending module is used for sending the authorization and the authorization information to the second equipment.
11. A device for processing data authorization, comprising:
a sending module, configured to send a first authorization request to a connected first device, where the first authorization request is used to request an authority to use personal data of a user;
and the receiving module is used for receiving authorization and authorization information returned by the first device, wherein the authorization and the authorization information are obtained by the first device according to a data authorization protocol signed by the user and the authority content that the user authorizes the first device to share.
12. A device for processing data authorization, comprising:
the receiving module is used for receiving a second authorization request sent by the first equipment, and the second authorization request is used for requesting the authority of using the personal data;
the processing module is used for signing a data authorization protocol in response to the operation of a user;
the sending module is used for returning the signed data protocol to the first equipment;
the receiving module is further configured to receive a third authorization request sent by the first device, where the third authorization request is used to request permission to provide authorization of the personal data of the user to other data users;
the sending module is further configured to return an authorization result to the first device in response to the operation of the user, where the authorization result is used to indicate whether the user allows the authorization and the authorization information to be provided to other data users.
13. An electronic device, characterized in that the electronic device comprises:
a memory, a processor, and an interactive interface;
the memory stores a computer program executable on the processor, the computer program implementing the steps of the method of data authorization processing according to any one of claims 1 to 5 or 6 to 8 when executed by the processor.
14. A terminal device, characterized in that the terminal device comprises:
a memory, a processor, and an interactive interface;
the memory stores a computer program operable on the processor, which computer program, when executed by the processor, carries out the steps of the method of data authorization processing according to claim 9.
15. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the processing method of data authorization according to any one of claims 1 to 9.
16. A computer program product, characterized in that it comprises a computer program which is executed by a processor for implementing the steps of the processing method for data authorization according to any one of claims 1 to 9.
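The first-device decision flow of claims 3, 4 and 9, as an added Python sketch that is not code from the patent or its applicant. All class, method and field names are assumptions, as is the reading of "consistent" as "the signed agreement covers every requested value" and the choice to collect the user's sharing decision before any first authorization request arrives.

```python
FIELDS = {"data_scenario", "purpose_of_use", "information_scope",
          "authorization_scope", "user_rights"}  # fields listed in claims 3 and 7

def consistent(requested, agreement):
    """Assumed reading of 'consistent': the agreement covers every requested value."""
    return all(set(vals) <= set(agreement.get(field, ()))
               for field, vals in requested.items())

class FirstDevice:
    def __init__(self, terminal):
        self.terminal = terminal   # stand-in for the user's terminal device
        self.agreements = {}       # user -> signed agreement (field -> values)
        self.share_consent = {}    # user -> result of the third request

    def onboard(self, user, wanted):
        # Second request: the user signs an agreement. Third request: the user
        # decides whether it may be provided to other data users (claim 9).
        self.agreements[user] = self.terminal.sign(user, wanted) or {}
        self.share_consent[user] = self.terminal.allow_sharing(user)

    def handle_first_request(self, user, requested):
        if not requested or set(requested) - FIELDS:
            return {"granted": False, "reason": "malformed request"}
        if not self.share_consent.get(user, False):
            return {"granted": False, "reason": "sharing not allowed by user"}
        if not consistent(requested, self.agreements.get(user, {})):
            # Claim 4: a fourth request asks the user to sign a new agreement
            # for the requested authority; a refusal fails closed.
            new = self.terminal.sign(user, requested)
            if new is None or not consistent(requested, new):
                return {"granted": False, "reason": "user declined new agreement"}
            self.agreements[user] = new
        # Return only what was requested, never the whole agreement.
        info = {f: sorted(v) for f, v in requested.items()}
        return {"granted": True, "authorization_info": info}

class ScriptedTerminal:
    """Constructed test double: signs only when every purpose is acceptable."""
    def __init__(self, accepted_purposes, sharing=True):
        self.accepted, self.sharing = set(accepted_purposes), sharing

    def sign(self, user, wanted):
        ok = set(wanted.get("purpose_of_use", ())) <= self.accepted
        return {f: set(v) for f, v in wanted.items()} if ok else None

    def allow_sharing(self, user):
        return self.sharing
```

The second device never receives more than the authority it asked for, and every path that lacks a covering signed agreement or the user's sharing decision ends in a denial.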
CN202011447324.1A 2020-12-11 2020-12-11 Data authorization processing method, device, equipment and storage medium Pending CN112417407A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011447324.1A CN112417407A (en) 2020-12-11 2020-12-11 Data authorization processing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011447324.1A CN112417407A (en) 2020-12-11 2020-12-11 Data authorization processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112417407A true CN112417407A (en) 2021-02-26

Family

ID=74776473

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011447324.1A Pending CN112417407A (en) 2020-12-11 2020-12-11 Data authorization processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112417407A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113094656A (en) * 2021-03-08 2021-07-09 海信集团控股股份有限公司 Access control terminal device, server and method
WO2023040531A1 (en) * 2021-09-16 2023-03-23 深圳市富途网络科技有限公司 Account authorization method and apparatus, device, storage medium, and computer program product

Similar Documents

Publication Publication Date Title
US8561172B2 (en) System and method for virtual information cards
US8087060B2 (en) Chaining information card selectors
EP2113858A1 (en) Remotable information cards
EP3337219A1 (en) Carrier configuration processing method, device and system, and computer storage medium
CN109525592B (en) Data sharing method, device, equipment and computer readable storage medium
CN112417407A (en) Data authorization processing method, device, equipment and storage medium
CN111614624A (en) Risk detection method, device, system and storage medium
CN112165727B (en) Parallel network distribution system and method and mobile terminal
CN112866385A (en) Interface calling method and device, electronic equipment and storage medium
CN113271289A (en) Method, system and computer storage medium for resource authorization and access
CN103778379B (en) Application in management equipment performs and data access
CN112702336A (en) Security control method and device for government affair service, security gateway and storage medium
CN109657485B (en) Authority processing method and device, terminal equipment and storage medium
CN112560006B (en) Single sign-on method and system under multi-application system
CN114048498A (en) Data sharing method, device, equipment and medium
CN114244568A (en) Security access control method, device and equipment based on terminal access behavior
US20150296051A1 (en) Methods, remote access systems, client computing devices, and server devices for use in remote access systems
CN113572763A (en) Data processing method and device, electronic equipment and storage medium
CN109992298B (en) Examination and approval platform expansion method and device, examination and approval platform and readable storage medium
CN112769757A (en) Data pushing method, device and system
CN116723029A (en) Access control method, device, equipment and storage medium
WO2014079489A1 (en) Methods and systems for managing access to a location indicated by a link in a remote access system
CN112543194B (en) Mobile terminal login method and device, computer equipment and storage medium
CN115221562A (en) Browser file signature method and device and computer readable storage medium
CN109785129B (en) Data acquisition method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination